<?php

    require "../init.php";


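    // Password-reset handler with two steps, selected by $_SESSION['updatepwd']:
    //   step 1 (flag not set): check the phone number and the SMS code, then
    //                          remember the phone number in the session;
    //   step 2 (flag set):     store the new password for that phone number.
    // redirect(), execute-style helpers, $link, PRE and ROOT_URL come from init.php.

    // Phone number format: "1" followed by ten digits. The D modifier stops "$"
    // from also matching before a trailing newline.
    $regex_tel = '/^1\d{10}$/D';

    // Reject the request when any submitted field is empty.
    // Note that empty() also treats the string "0" as empty.
    foreach ($_POST as $value) {
        if (empty($value)) {
            redirect("表单数据不能为空");
            die;
        }
    }

    if (empty($_SESSION['updatepwd'])) {
        // Read the step-1 fields; a missing field or an array value
        // (e.g. tel[]=...) is treated like an empty form.
        $telcode = isset($_POST['telcode']) ? $_POST['telcode'] : '';
        $tel = isset($_POST['tel']) ? $_POST['tel'] : '';
        if (!is_string($telcode) || !is_string($tel) || $telcode === '' || $tel === '') {
            redirect("表单数据不能为空");
            die();
        }

        // Validate the phone number format.
        if (!preg_match($regex_tel, $tel)) {
            redirect("手机号格式不正确");
            die();
        }

        // Check the SMS verification code.
        // The comparison is strict and against a string: the previous loose
        // comparison with the integer literal 000000 (which is 0) accepted other
        // inputs as well, e.g. "0000" and, before PHP 8, any non-numeric string.
        // NOTE(review): the expected code is still a hard-coded constant, so this
        // check does not prove control of the phone number. Replace it with a
        // server-generated, single-use code stored server-side for this number,
        // with an expiry and a limit on failed attempts.
        if ($telcode === '000000') {
            $_SESSION['phone'] = $tel;
            $_SESSION['updatepwd'] = 1;
            $_SESSION['step'] = "第二步";
            redirect("进入下一步",3,ROOT_URL."getpwd.php");
            die();
        }

        // Wrong code: report it instead of ending with an empty response.
        redirect("手机验证码不正确");
        die();
    } else {
        // Read the step-2 fields with the same missing/array handling as step 1.
        $password = isset($_POST['password']) ? $_POST['password'] : '';
        $repassword = isset($_POST['repassword']) ? $_POST['repassword'] : '';
        if (!is_string($password) || !is_string($repassword) || $password === '' || $repassword === '') {
            redirect("表单数据不能为空");
            die();
        }

        // The phone number must be the one stored by step 1; if the session does
        // not hold a well-formed number, drop the reset state and start over.
        $phone = isset($_SESSION['phone']) ? $_SESSION['phone'] : '';
        if (!is_string($phone) || !preg_match($regex_tel, $phone)) {
            unset($_SESSION['phone']);
            unset($_SESSION['updatepwd']);
            unset($_SESSION['step']);
            redirect("手机号格式不正确",3,ROOT_URL."getpwd.php");
            die();
        }

        // Compare the two plaintext inputs strictly. Comparing their MD5 hex
        // digests with == treats digests of the form "0e<digits>" as equal
        // numbers, so two different passwords could be accepted as matching.
        if ($password === $repassword) {
            // NOTE(review): unsalted MD5 is kept only because the stored hashes and
            // the login check presumably use it (not visible here - confirm).
            // Migrate to password_hash() / password_verify().
            $pwd = md5($password);

            // Update the password with a prepared statement so that no value is
            // concatenated into the SQL text. PRE is the table prefix constant.
            $sql = "update " . PRE . "user set pwd = ? where tel = ?";
            $result = false;
            $stmt = mysqli_prepare($link, $sql);
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 'ss', $pwd, $phone);
                $result = mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
            // Close the MySQL connection.
            mysqli_close($link);

            if ($result) {
                // Success: clear the reset state so the flow cannot be replayed.
                unset($_SESSION['phone']);
                unset($_SESSION['updatepwd']);
                unset($_SESSION['step']);
                redirect("修改密码成功",3,ROOT_URL."login.php");
                die();
            }

            // The statement failed: report it instead of ending with an empty response.
            redirect("修改密码失败",3,ROOT_URL."getpwd.php");
            die();
        } else {
            redirect("两次密码输入不一致",10,ROOT_URL."getpwd.php");
            die();
        }
    }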


?>